Graph: permission: grant API returning Access denied (403)

Question

I am trying to call /shares/{encoded-sharing-url}/permission/grant API with the encoded-sharing-url (shareid) from the /users/{userId}/drive/items/{itemId}/createLink API. But the API returns this error :

{
    "error": {
        "code": "accessDenied",
        "message": "Access denied",
        "innerError": {
            "date": "2024-01-19T06:34:22",
            "request-id": "ef540582-b8cf-4ef1-9ea4-2331e8f4ca0f",
            "client-request-id": "ef540582-b8cf-4ef1-9ea4-2331e8f4ca0f"
        }
    }
}

Request Body:

{
    "recipients": [
        {
            "email": "******@xyz.onmicrosoft.com"
        }
    ],
    "roles": ["read"]
}

Can somebody help me troubleshoot the issue?Here is the decoded access_token

Answer 1

Hi Ayush Jain Thanks for reaching out. You can use the following code to generate the encode sharing url required for the permission : grant API

string sharingUrl = "https://onedrive.live.com/redir?resid=1231244193912!12&authKey=1201919!12921!1";
string base64Value = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(sharingUrl));
string encodedUrl = "u!" + base64Value.TrimEnd('=').Replace('/','_').Replace('+','-');

In the above code sharing url is the complete web path of the drive item, which can be obtained from webUrl property returned from the below endpoint GET /drives/{drive-id}/items/{item-id} or as mentioned in your case users/{user-id}/drive/items/{item-id}

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment"